Essential Eight Maturity Model

The Australian Signals Directorate (ASD) has released a guide to IT security titled ‘ASD’s Strategies to Mitigate Cyber Security Incidents’ publication. The guide which includes the “Essential Eight” is aimed at assisting organisations mitigate cyber security incidents caused by various cyber threats. Even though the guide is aimed at Government organisations, it is useful reading for all small – medium business.

Tips to Protect Your Business From Cybercrime

With cybercrime costing Australian businesses upwards of $1 billion annually, Mailguard have published an interesting article that examines the key areas to consider when preparing your business to defend against online threats.

Australian Small to Medium Businesses Hit Hard By Cyberattacks

One in five Australian small and medium-sized businesses have been hit with a cyber-attack and 2016 saw an increase in Phishing scams and ransomware attacks.

Norton’s recent cyber security survey has found that many Australian SMBs are still ill-equipped or unwilling to assess and proactively secure their devices and data to minimise the threat and effect of cyber-attacks. Ransomware is still ‘King’ and the Aussie mantra of “She’ll be right mate – it can’t happen to me” seems to be a good reflection of many small business’ approach to cyber security.

The survey also found that a quarter of small businesses have no Internet security solution and that the Backup and recovery capability of many is very poor.

The Mobile Device Forensic Company ‘Cellebrite’ Under Scrutiny

While Cellebrite stated that the data that had been stolen was only "basic contact information" it now appears that it contained much more including possible source code for the UFED mobile device used globally for analysis of mobile phones.

Census Website Crash - DDoS or Incompetence?

Since the Census website was brought down on 9 August (either by DDoS attack or system failure from unexpected real Census traffic) there has been a flood of speculation as to whether the website was properly designed knowing that it was going to be subject to global attention.

One of the main motivations for a system compromise is notoriety so it's not a quantum leap to understand that the Census would attract a lot of attention. This article from News.com.au provides a great overview of the fallout from the Census website.

FIN4 Hacking Group targets Firms for Stock Market Profit​

FIN4 Hacking Group targets Firms for Stock Market Profit​

A group of malicious hackers are using well-crafted spearphishing emails to target the email accounts of executives with access to confidential information.The group dubbed FIN4, has been operating since 2013 and is focused on gathering non-public information about merger and acquisition deals.FIN4 does not infect victim systems with malware. Their approach is to try and acquire the usernames and passwords of their targets in order to view confidential email correspondence.

Researchers from FireEye have published this flyer on the workings of FIN4.

TeamViewer Account Breach

TeamViewer Password Breach

An internal investigation by TeamViewer was launched last month after multiple complaints from users that their accounts had been accessed by “..criminals who used their highly privileged position to drain PayPal and bank accounts”.

TeamViewer have acknowledged that the number of account takeovers has been significant but claims that they have occurred because of compromises of other services such as LinkedIn and MySpace as well as the use of simple passwords.

TeamViewer users should activate Two Factor Authentication as a strengthened position against password compromise.

LinkedIn Breach

Following a breach of LinkedIn systems in 2012 where more than 6 million encrypted user passwords were exposed, LinkedIn has now revealed that the compromise has possibly affected more than 117 million user accounts. This follows a LinkedIn database of user account details including passwords being offered for sale online.